Land Attack; Smurf Attack; Syn Flood Attack - Huawei S9700 Series Configuration Manual


S9700 Core Routing Switch
Configuration Guide - SPU

Land Attack

A Land attack sets the source and destination addresses of a TCP SYN packet to the IP address
of the attacked target. The target then sends the SYN-ACK message to its own IP address, and
an ACK message is sent back to the target. This forms a null session. Each null session persists
until it times out. Targets respond to a Land attack in different ways. For instance,
many UNIX hosts crash, while Windows NT hosts slow down.

Smurf Attack

A simple Smurf attack is used to attack a network. The attacker sends an ICMP request to the
broadcast address of the network. All the hosts on the network then respond to the request and
the network becomes congested. The traffic caused by a Smurf attack is one or two orders of magnitude
higher than the traffic caused by pinging with large packets.

An advanced Smurf attack targets hosts. The attacker changes the source address of an ICMP
request to the IP address of the target host. The host becomes overwhelmed with ICMP replies,
then crashes. This attack is more effective when a large volume of ICMP request packets is
generated and when there are a large number of hosts on the network.

WinNuke Attack

A WinNuke attack sends an out-of-band (OOB) data packet to the NetBIOS port (139) of a
target host running the Windows operating system. The NetBIOS fragments then overlap and
the host crashes. An Internet Group Management Protocol (IGMP) fragment packet can also
damage the target host. IGMP packets are not fragmented, so a host that receives an IGMP
fragment packet is under attack.
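
The Land, Smurf and WinNuke descriptions above each reduce to a per-packet header check that a filter can apply. The following is an added example, not code from the Huawei manual or the S9700: `classify`, the `ipv4` and `tcp` builders and the sample packets are constructed for illustration, and the WinNuke check assumes OOB data is signalled by the TCP URG flag.

```python
import ipaddress
import struct

ICMP, IGMP, TCP = 1, 2, 6            # IPv4 protocol numbers
SYN, URG = 0x02, 0x20                # TCP flag bits

def classify(packet: bytes, protected_net: str) -> list:
    """Return the attack signatures from this page that a raw IPv4 packet matches."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if len(packet) < 20 or packet[0] >> 4 != 4 or not 20 <= ihl <= len(packet):
        return ["malformed"]
    frag, proto = struct.unpack_from("!H", packet, 6)[0], packet[9]
    src, dst = packet[12:16], packet[16:20]
    l4 = packet[ihl:]
    hits = []
    if proto == IGMP and frag & 0x3FFF:            # MF bit set or non-zero offset
        hits.append("igmp-fragment")
    if frag & 0x1FFF:                # later fragment: no transport header to inspect
        return hits
    if proto == TCP and len(l4) >= 14:
        dport, flags = struct.unpack_from("!H", l4, 2)[0], l4[13]
        if flags & SYN and src == dst:
            hits.append("land")      # SYN whose source equals its destination
        if flags & URG and dport == 139:
            hits.append("winnuke")   # assumption: OOB data arrives with URG set
    if proto == ICMP and l4 and l4[0] == 8:        # type 8 = echo request
        bcast = ipaddress.ip_network(protected_net).broadcast_address.packed
        if dst in (bcast, b"\xff\xff\xff\xff"):
            hits.append("smurf")     # echo request aimed at a broadcast address
    return hits

def ipv4(src, dst, proto, payload=b"", frag=0):
    """Build a constructed IPv4 packet (checksum left at 0) for offline checks."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def tcp(dport, flags):
    """Build a constructed 20-byte TCP header with the given port and flags."""
    return struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, flags, 8192, 0, 0)

NET = "192.0.2.0/24"                 # constructed: RFC 5737 documentation range
SAMPLES = {                          # constructed packets, not captured traffic
    "land": ipv4("192.0.2.10", "192.0.2.10", TCP, tcp(80, SYN)),
    "smurf": ipv4("198.51.100.7", "192.0.2.255", ICMP, b"\x08\x00" + bytes(6)),
    "winnuke": ipv4("198.51.100.7", "192.0.2.10", TCP, tcp(139, URG | 0x10)),
    "igmp-fragment": ipv4("198.51.100.7", "224.0.0.1", IGMP, bytes(8), frag=0x2000),
    "benign": ipv4("198.51.100.7", "192.0.2.10", TCP, tcp(80, SYN)),
}
```

The SYN Flood described in the next section cannot be caught this way, because each of its packets is individually valid; detecting it requires counting half-connections over time.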

SYN Flood Attack

The TCP/IP protocol stack permits only a limited number of TCP connections because of resource
restrictions. SYN Flood attacks exploit this TCP/IP characteristic. The attacker sends the server
a SYN packet whose source address is forged or nonexistent to initiate a connection.
Upon receipt of this packet, the server replies with a SYN-ACK. Because nothing receives
the SYN-ACK packet, a half-connection is created. If the attacker sends a large number of these
packets, many half-connections are produced on the attacked host and the host's resources are
exhausted. Ordinary users cannot access the host until the half-connections expire. If
connections can be created without restriction, a SYN Flood consumes system resources
such as memory.

Scanning and snooping attacks identify the existing systems on the network through ping
scanning (including ICMP and TCP scanning), and then discover potential targets. Through
TCP scanning, the attackers can learn the operating system and the monitored services. By
scanning and snooping, an attacker can generally learn the service type and security
vulnerabilities of the system and plan further intrusion into the system.

Malformed packet attack

Malformed packet attacks send malformed IP packets to the system. Under such an attack,
the system crashes when processing the malformed IP packets. Malformed packet attacks
include Ping of Death and Teardrop.

Issue 01 (2012-03-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 Firewall Configuration
